Canokey is a project to simulate a smartcard that deals with GPG keys among others. It is able to handle all kinds asymmetric ciphers including elliptic curves.
QEMU has developed a device that emulates and attaches it to a guest over USB. The upstream code needs to be built as there is no readily available package for it. However this is it - the trusted GPG holy-grail that Qubes had for some time now except it supports many more key types.
This is arguably easier to deal with than contorting a GPG key to fit into an emulated TPM.
https://www.qemu.org/docs/master/system/devices/canokey.html#id9